[Tickets #4017] NEW: System capacilities test not working for IMAP servers that need TLS

bugs@bugs.horde.org bugs at bugs.horde.org
Wed Jun 7 19:01:57 PDT 2006 

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: https://dev.horde.org/horde/whups/ticket/?id=4017
-----------------------------------------------------------------------
 Ticket             | 4017
 Created By         | Matt Selsky <selsky at columbia.edu>
 Summary            | System capacilities test not working for IMAP servers that need TLS
 Queue              | IMP
 Version            | HEAD
 State              | Unconfirmed
 Priority           | 1. Low
 Type               | Bug
 Owners             | 
-----------------------------------------------------------------------


Matt Selsky <selsky at columbia.edu> (2006-06-07 19:01) wrote:

I'm tring to do the IMAP server capability test on a Cyrus 2.3.x server and
I choose the following options:

Server: imap.domain.name
Port: <blank>
...
Protocol: IMAP

Several valid configurations are returned:

    Configuration 1

        'server' => 'imap.domain.name'
        'protocol' => 'imap'
        'port' => '143'

    Configuration 2

        'server' => 'imap.domain.name'
        'protocol' => 'imap/ssl'
        'port' => '993'

    Configuration 3

        'server' => 'imap.domain.name'
        'protocol' => 'imap/ssl/novalidate-cert'
        'port' => '993'

    Configuration 4

        'server' => 'imap.domain.name'
        'protocol' => 'imap/tls/novalidate-cert'
        'port' => '143'

After that:

The following IMAP server information was discovered from the remote server:

    Could not retrieve IMAP information from the remote server.

I added some debugging statements to imp/test.php:

There are the arguments passed to the IMP_IMAPClient ctor:

server: imap.domain.name
port: 143
protocol: imap

Since the protocol is 'imap', _usetls isn't set to true in IMP_IMAPClient. 
Therefore, $imapclient->useTLS() doesn't do anything (and STARTTLS is never
set) and the login fails because only SSL or TLS logins are permitted on the
server.

It seems like IMP_IMAPClient should try to do TLS mode if it's offered in
the capability string unless the protocol argument includes 'notls' instead
of the current behavior of only doing TLS when specifically requested.  Does
that sound correct?

More information about the bugs mailing list